19-years-old WinRAR vulnerability leads to over 100 malware exploits

After being a staple on PCs for so many years, last month it was discovered that WinRAR, software used to open .zip archive files, has been vulnerable for the last 19 years to a bug that’s easily exploited by hackers and malware distributors. Fortunately, the software has been patched with the recent release of version 5.70, but after being unchecked for so long and installed by so many people, a new wave of malware is taking advantage.

Check Point, the security researchers that revealed the WinRAR bug, explain that the software is exploited by giving malicious files a RAR extension, so that when opened they can automatically extract malware programs. These programs are installed in a PC’s startup folder, allowing them to start running anytime the computer is turned on, all without the user’s knowledge.

Once the bug was disclosed, however, hacker groups really began using it to their advantage, with various nations becoming the target of state-backed cyber-espionage campaigns attempting to collect intelligence. The latest comes from McAfee, the software security firm, which notes that it has identified over 100 unique exploits that use the WinRAR bug, most of them targeting the US.

Malware distributors are well aware of WinRAR’s prevalence among those who prefer to illegally download their media, as McAfee notes that one of the more popular exploits targets victims with a bootleg copy of Ariana Grande’s latest album, Thank U, Next.

The WinRAR software isn’t nearly as popular as it was years ago, but since it’s racked up over 500 million users in almost 20 years, there’s no way to know how many have been affected by the bug. The other big problem is that while version 5.70 was released in late January, it must be manually downloaded and installed from the website, leaving most users unaware of the critical update.